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Amendments to the Claims 

1 . (Original) A method comprising: 

receiving a resource request from a first requestor, the resource request including 
credentials and identifying an operation to be performed with respect to a resource; 

mapping the resource request to a resource 
identifier; 

searching a resource data structure for a resource node based on the resource 
identifier; and 

determining whether the first requestor is authorized to perform the operation 
with respect to the resource based on whether the credentials in the resource request 
match a resource authorization parameter associated with the resource node. 

2. (Original) The method of claim 1 wherein searching includes searching resource 
nodes each of which represents a resource and includes a resource identifier. 

3. (Original) The method of claim 1 wherein searching includes searching a directed 
graph structure. 

4. (Original) The method of claim 1 wherein receiving a resource request includes 
receiving a digital certificate conforming to a simplified public key infrastructure. 

5. (Original) The method of claim 1 wherein mapping includes mapping the resource 
request to the resource identifier and a resource authorization parameter including an 
owner level authorizing complete access to the resource. 

6. (Original) The method of claim 1 wherein mapping includes mapping the resource 
request to the resource identifier and a resource authorization parameter including an 
editor level authorizing read/write access to the resource. 

7. (Original) The method of claim 1 wherein mapping includes mapping the resource 
request to the resource identifier and a resource authorization parameter including a 
reviewer level authorizing read only access to the resource. 

8. (Original) The method of claim 1 wherein mapping includes mapping the resource 
request to the resource identifier and a resource authorization parameter including a none 
level denying all access to the resource. 

9. (Original) The method of claim 1 including delegating the credentials of a child node 
to a parent node in the resource data structure. 

10. (Original) The method of claim 9 in which the resource request is handled based on 
the delegated credentials. 
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11. (Original) The method of claim 1 wherein the resource request originates from a 
client computer directed to a server computer over a network. 

12. (Currently Amended) An apparatus comprising: 

a memory for storing a resource data structure having resource nodes each of 
which represents a respective resource and which has a respective resource identifier and 
a resource authorization parameter; and 

a processor configured to: 

receive a resource request from a first requestor, the resource request 

including credentials and identifying an operation to be performed with respect to 

a resource; 

map the resource request to a resource identifier; 

search the resource data structure for a resource node based on the 
resource identifier; and 

determine whether the first requestor is authorized to perform the 
operation with respect to the resource based on whether the credentials in the 
resource request match a the resource authorization parameter associated with the 
resource node. 

13. (Original) The apparatus of claim 12 wherein the resource data structure comprises a 
directed graph structure. 

14. (Original) The apparatus of claim 12 wherein the credentials include a digital 
certificate conforming to a simplified public key infrastructure. 

15. (Currently Amended) The apparatus of claim 12 wherein the resource nodes further 
comprise a resource authorization level, wherein the resource authorization level includes 
an owner level authorizing complete access to the resource. 

16. (Currently Amended) The apparatus of claim 12 wherein the resource nodes further 
comprise a resource authorization level, wherein the resource authorization level includes 
an editor level authorizing read/write access to the resource. 

17. (Currently Amended) The apparatus of claim 12 wherein the resource nodes further 
comprise a resource authorization level, wherein the resource authorization level includes 
a reviewer level authorizing read only access to the resource. 

18. (Currently Amended) The apparatus of claim 12 wherein the resource nodes further 
comprise a resource authorization level, wherein the resource authorization level includes 
a none level denying all access to the resource. 

19. (Original) The apparatus of claim 12 wherein resource data structure includes the 
delegation of a resource authorization level from a child node to a parent node. 

20. (Currently Amended) A system comprising: 
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a first computer associated with a first requestor configured to generate resource 
requests with credentials; 

a second computer including memory storing a resource data structure with 
resource nodes each of which represents a respective resource and which has a respective 
resource identifie r, a resource authorization parameter, and a resource authorization level, 
and the second computer configured to: 

receive a resource request from a first requestor, the resource request 

including credentials and identifying an operation to be performed with respect to 

a resource; 

map the resource request to a resource identifier; 

search the resource data structure for a resource node based on the 
resource identifier; and 

determine whether the first requestor is authorized to perform the 
operation with respect to the resource based on whether the credentials in the 
resource request match a the resource authorization level parameter associated 
with the resource node; and 

a network over which the first and second computers communicate. 

21 . (Original) The system of claim 20 wherein the resource data structure comprises a 
directed graph data structure. 

22. (Original) The system of claim 20 wherein the credentials include a digital certificate 
conforming to a simplified public key infrastructure. 

23. (Original) The system of claim 20 wherein the resource authorization level includes a 
level from the group consisting of owner level, editor level, reviewer level, none level. 

24. (Original) The system of claim 20 including the delegation of the credentials from a 
child node to a parent node. 

25. (Original) The system of claim 20 including the delegation of credentials associated 
with the first requestor to a second requestor wherein the second requestor can request 
resources using the credentials from the first requestor as if it were the first requestor. 

26. (Currently Amended) An article comprising a computer readable medium that stores 
computer executable instructions for causing a computer system to: 

map a resource request to a resource identifier, in response to receiving the 
resource request from a first requestor, the resource request including credentials and 
identifying an operation to be performed with respect to a resource; 

search a resource data structure for a resource node 
based on the resource identifier; and 

determine whether the first requestor is authorized to perform the operation with 
respect to the resource based on whether the credentials in the resource request match a 
resource authorization level parameter associated with the resource node. 
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27. (Currently Amended) The article of claim 26 including instructions for causing the 
computer system to have a directed graph data structure with resource nodes representing 
resources including a the resource identifier and a resource authorization level. 

28. (Original) The article of claim 26 including instructions for causing the computer 
system to have digital certificates conforming to a simplified public key infrastructure. 

29. (Original) The article of claim 26 including instructions for causing the computer 
system to delegate the credentials of a child node to a parent node. 

30. (Original) The article of claim 26 including instructions for causing the computer 
system to delegate the credentials associated with the first requestor to a second requestor 
to allow the second requestor to request resources using the credentials from the first 
requestor as if it were the first requestor. 



